OpenOTP 1.0.13

OpenOTP Authentication Server
OpenOTP is the RCDevs user authentication solution. It is a server application which provides multiple (highly configurable) authentication schemes for your LDAP users. The supported authentication schemes are based on One-Time Password technologies:

* OATH HOTP/TOTP Software Token Password Generators
* SMS One-Time Passwords
* Mail / Secure Mail One-Time Passwords

The OpenOTP solution is composed of the WebADM server application, the OpenOTP SOAP service, the optional Radius Bridge and the User Self-service Desk end-user Web Application.

Available for free, OpenOTP brings an unbeatable combination of cost-efficiency, security and ease of use to corporate and web application access.

Supported Mobile Devices

OpenOTP strictly implements the OATH One-time password standards (HOTP/TOTP/SMS).

Many OATH-compliant Software Tokens from various vendors are available for:

* Google Android
* Java Phones (J2ME)
* Windows Mobile, Blackberry, Palm
* Apple iPhone, iPod

OpenOTP Authentication Service

OpenOTP provides a SOAP/XML based Web service. The API is available as a SOAP WSDL service description file. The API is very simple and makes it possible to implement OpenOTP One-Time Password functionalities into your existing web applications in minutes. Client programming templates are available in the "Downloads" section.

You can use OpenOTP with:

* Web Applications (Java, PHP, ASP...)
* VPN Servers (Requires OpenOTP RADIUS Bridge)
* Microsoft Exchange / Sharepoint (Requires Microsoft Plugin)

OpenOTP WebApp
(User Self-service Desk)

Software Token technologies require the end-user to download the mobile software, register the initial Token Key on the authentication server, and sometimes resynchronize the password generator.

OpenOTP includes an end-user Web Application (SelfDesk) to simplify the deployment of the solution as much as possible. SelfDesk is a simple end-user self-management portal to be plugged into WebADM, and published on your corporate or public network.

SelfDesk allows end-users to self-configure some personal settings, update their account information (e.g. mobile number or email address), and download, register and resync their software Tokens.

Product Requirements

* A dedicated computer or virtual machine with Linux (see below for supported distributions)
* 1 GHz processor (Core2 processor recommended)
* Both 32 and 64 bit chips are supported
* 1GB RAM (2GB recommended)
* 200MB disk space for installation files
* Network access via Ethernet and DNS integration
* Internet access for publishing webapps and SMS gateways

For small and mid-size organizations, all components can be installed on the server. For large-scale installations, however, it is recommended to install the components separately.
The listed components can be split for security reasons, failover or load balancing:

* WebADM Administration Console (one or more instances)
* Web Services Server (one or more instances)
* WebApps Server (one or more instances)
* PKI certificate authority (one instance only)

WebADM and the application components (Web Services and WebApps) run on any system based on Glibc >= 2.2. Recommended distributions are:

* Red Hat Enterprise / CentOS (recommended: CentOS 5.4)
* Novell SUSE
* Debian

Main features:

  • Robust implementation running in the high performance WebADM SOAP engine.
  • SOAP XML API (with WSDL service description) over HTTP/HTTPS.
  • RADIUS API for VPNs and RADIUS-compatible devices (See OpenOTP Radius Bridge).
  • Domain support with mappings to LDAP subtrees or dedicated directories.
  • No replication/import/synchronization of your LDAP users (our solutions directly use the LDAP user/groups).
  • OpenOTP settings (security policies) can be adjusted per user or group in LDAP and in the API.
  • Many configurations available, adjustable per server/domain/group/user (through 100% graphical interface).
  • Support for both LDAP direct and indirect groups (Active Directory).
  • Sensitive user data (such as token keys) are encrypted in LDAP with AES-256.
  • SMSOTP supports Clickatell and OVH SMS gateways via SOAP over HTTPS.
  • Possibility to add other SMS Gateways (supporting HTTP, SOAP or HTTP-based interfaces).
  • Supports both OATH Event-Based (HOTP) and Time-based (TOTP) One-time Password standards.
  • Built-in replay attack protection for OATH Time-based One-time Passwords.
  • Session locking and session duplicates protection (when running multiple servers).
  • Customizable end-user messages (mail, SMS, SOAP...)
  • Full multilingual support for all end-user messages with Unicode and UTF-8 (per-user language support).
  • Comprehensive logging and accounting in SQL (accessible from the powerful WebADM Log Viewer).
  • Configurable user blocking timers with authentication failures.
  • Uses WebADM network Session Manager with AES-256 encrypted user sessions.
  • Designed for scalability (support for failover, load balancing, feature restrictions).
  • Easy installation, update and configuration in WebADM.
  • Runs in WebADM service container

Last updated on: June 14th, 2011, 8:34 GMT
License type: GPL (GNU General Public License)


What's New in This Release:
  • An OCRA problem with numeric challenges was fixed.
  • An action to unblock accounts was added.
  • Password Swap feature was added for simpler RADIUS and PAM support.
  • An Emergency OTP password feature was added: you can set a temporary OTP for users who cannot use their usual OTP and need access.